Identity thieves send spam purporting to come from hiring companies

SAN FRANCISCO — A staple of the spammer's arsenal — those come-ons for job offers — is getting a makeover because of the recession as online identity thieves concoct clever new ways to sneak onto people's computers.

One tactic the bad guys are trying is a twist on an old standby: e-mails purporting to come from legitimate companies that say they're still hiring.

The messages are loaded with links to the company's official Web site to throw off suspicious recipients. However, they are also packed with a dangerous surprise — a computer virus — hidden in an attachment that is supposed to be a job application.

One message, supposedly from Coca-Cola Co., trumpets that "We are hiring!" All the recipient has to do is fill out the attached application to get started.

There are some tip-offs, though, that the message is fraudulent: the English is choppy, the company promises 12 weeks of paid vacation, and it claims that "None of the positions require any kind of education or work experience!"

Another tactic represents the flip side of that deception. Spammers are sending e-mails pretending to reject people for jobs, instead of trying to recruit them. Those messages say the recipients weren't selected for a particular job, so the company has sent back their application. The attached "application" is really the malicious program in disguise.

"What they're trying to tap into is human curiosity," said Dermot Harnett, principal analyst of anti-spam engineering with Symantec Corp. "Maybe people have lost their jobs, or they're looking for another job, and they're looking at their e-mail constantly to see if they have responses from potential employers."

One way to protect yourself is by never clicking on links or opening e-mail attachments from people you don't know. If you're a jobseeker who gets one of these messages, contact the company's human resources department yourself to follow up on an application or to make sure a job opening exists.

And don't rely on the sender's e-mail address either as proof that the message is coming from a legitimate source. Hackers can easily spoof those.